I'm still little bit fuzzy on the difference. I'm pretty sure I need Message level security. Why would I need to define TranportBinding in the policy, if it's just going to be defined on the web servers?
On a separate but related note..I've been troubleshooting a "hash mismatch" error. The same private key works in SoapUI but not from cxf. Algorithms appear to be the same. -- View this message in context: http://cxf.547215.n5.nabble.com/x-509-security-token-tp5150380p5503185.html Sent from the cxf-user mailing list archive at Nabble.com.
